Changeflow GovPing Insurance Phishing Emails Target Hong Kong MPF Members
Routine Notice Added Final

Phishing Emails Target Hong Kong MPF Members

Favicon for www.mpfa.org.hk MPFA Hong Kong News
Published
Detected
Email

Summary

MPFA and eMPF Platform Company Limited have issued an alert regarding phishing emails originating from noreply@hkmpf.com that falsely claim suspicious logins or abnormal activities in recipients' eMPF Platform accounts. The emails direct users to fraudulent websites in an attempt to harvest login credentials. Both MPFA and eMPF Company have confirmed they have no connection to these emails and have reported the incidents to Police. Official email domains for MPFA are @mpfa.org.hk and for eMPF Company are @empf.org.hk, @support.empf.org.hk, and @osc.empf.org.hk.

“MPFA is highly concerned about those cases and seriously clarifies that neither MPFA nor eMPF Company has any connection with those emails and the fraudulent website.”

MPFA , verbatim from source
Why this matters

Firms operating online financial account portals, including MPF scheme administrators, should review their domain-protection and anti-impersonation strategies in light of this credential-harvesting campaign. Guidance to customers on verifying legitimate communications—checking sender domains against official lists—represents a proportionate first step given the low cost of the measure relative to the potential harm from successful phishing.

AI-drafted from the source document, validated against GovPing's analyst note standards . For the primary regulatory language, read the source document .
Published by MPFA on mpfa.org.hk . Detected, standardized, and enriched by GovPing. Review our methodology and editorial standards .

About this source

GovPing monitors MPFA Hong Kong News for new insurance regulatory changes. Every update since tracking began is archived, classified, and available as free RSS or email alerts — 3 changes logged to date.

View original document View source feed page

What changed

MPFA and eMPF Company have issued a joint fraud alert regarding phishing emails impersonating both organisations. The emails, sent from noreply@hkmpf.com, falsely claim that recipients' eMPF Platform accounts have been subject to suspicious logins or abnormal activities, and attempt to lure recipients into clicking hyperlinks leading to fraudulent websites.

Financial services firms operating online member portals, including MPF administrators, should review domain-spoofing protections and consider issuing guidance to customers distinguishing legitimate communications from phishing attempts. Recipients of suspicious emails claiming to be from MPFA or eMPF Company should verify sender domains and contact official numbers directly rather than using contact details provided in suspicious communications.

What to do next

  1. Anyone who has received those emails or clicked on any of the links, and suspects that personal information may have been leaked should report it to the Police for assistance immediately.
  2. If eMPF users receive suspicious emails, please contact immediately MPFA (Tel: 2918 0102 / email: mpfa@mpfa.org.hk) or eMPF Company (Tel: 183 2622 / email: enquiry@support.empf.org.hk)

Archived snapshot

Apr 22, 2026

GovPing captured this document from the original source. If the source has since changed or been removed, this is the text as it existed at that time.

Info Center

Press Releases

Share

Beware of Fraudulent Emails Purporting to be from MPFA or eMPF Company

MPFA noted recently that there have been phishing emails originating from noreply@hkmpf.com, falsely claiming to be from MPFA and/or eMPF Platform Company Limited (eMPF Company). Those emails claimed that there are suspicious logins and abnormal activities in the eMPF Platform (eMPF) accounts of the recipients, attempting to lure them into clicking on hyperlinks embedded in the emails that direct them to fraudulent websites.

MPFA is highly concerned about those cases and seriously clarifies that neither MPFA nor eMPF Company has any connection with those emails and the fraudulent website. The MPFA and the eMPF Company reiterate that they will not request members of the public to access or use eMPF TM services through any channels other than the official eMPF website at https://www.empf.org.hk and the eMPF mobile application. The eMPF Company has reported those cases to the Police and urges the public to remain vigilant. Anyone who has received those emails or clicked on any of the links, and suspects that personal information may have been leaked should report it to the Police for assistance immediately.

MPFA reminds the public that the official email domain of MPFA is “@mpfa.org.hk”, and those of eMPF Company are “@empf.org.hk”, “@support.empf.org.hk” and “@osc.empf.org.hk”. If members of the public receive emails claiming to be from either MPFA or eMPF Company that are not sent from the above official email domains, they should not click on any hyperlink in the email or provide any eMPF account information.

If eMPF users receive suspicious emails, please contact immediately MPFA (Tel: 2918 0102 / email: mpfa@mpfa.org.hk) or eMPF Company (Tel: 183 2622 / email: enquiry@support.empf.org.hk) .

– Ends –
2 April 2026

< Back

Parties

eMPF Platform Company Limited

Related changes

Favicon for www.hkma.gov.hk Scam Alert: Five Hong Kong Banks Affected by Fraudulent Websites and Phishing
Routine Apr 22, 2026 HKMA Press Releases Banking & Finance
Favicon for www.mpfa.org.hk MPFA Releases Provisional MPF Investment Returns Data as of March 2026
Routine Apr 22, 2026 MPFA Hong Kong News Insurance
Favicon for www.mpfa.org.hk Good MPF Employer Award 2024-25 Sets Record with 2,378 Companies, 330,000 Employees
Routine Apr 22, 2026 MPFA Hong Kong News Insurance

Get daily alerts for MPFA Hong Kong News

Daily digest delivered to your inbox.

Free. Unsubscribe anytime.

Source

Favicon for www.mpfa.org.hk
MPFA Hong Kong News mpfa.org.hk/en/info-centre/press-releases
Insurance

About this page

What is GovPing?

Every important government, regulator, and court update from around the world. One place. Real-time. Free. Our mission

What's from the agency?

Source document text, dates, docket IDs, and authority are extracted directly from MPFA.

What's AI-generated?

The summary, classification, recommended actions, deadlines, and penalty information are AI-generated from the original text and may contain errors. Always verify against the source document.

Last updated

Press inquiries →

Classification

Agency
MPFA
Published
April 2nd, 2026
Instrument
Notice
Branch
Executive
Legal weight
Non-binding
Stage
Final
Change scope
Minor

Who this affects

Applies to
Consumers Financial advisers
Industry sector
5221 Commercial Banking
Activity scope
Fraud warning Phishing alert
Geographic scope
Hong Kong HK

Taxonomy

Primary area
Consumer Finance
Operational domain
Compliance
Topics
Cybersecurity Consumer Protection

Browse Categories

Agriculture & Food Safety 77 AI Regulation 3 Banking & Finance 475 Consumer Protection 116 Courts & Legal 436 Data Privacy & Cybersecurity 102 Defense & National Security 53 Education 64 Energy 101 Environment 168 Gaming 2 Government & Legislation 460 Healthcare 15 Healthcare & Life Sciences 393 Immigration 10 Insurance 86 Labor & Employment 159 Pharma & Drug Safety 21 Professional Licensing 8 Real Estate & Housing 85 Securities & Markets 176 Tax 84 Telecom & Technology 48 Trade & Sanctions 144 Transportation 94

Get alerts for this source

We'll email you when MPFA Hong Kong News publishes new changes.

Free. Unsubscribe anytime.

You're subscribed!